1 /* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.os; 18 19 import android.Manifest; 20 import android.accounts.AccountManager; 21 import android.annotation.IntDef; 22 import android.annotation.NonNull; 23 import android.annotation.Nullable; 24 import android.annotation.RequiresPermission; 25 import android.annotation.SystemApi; 26 import android.annotation.SystemService; 27 import android.annotation.TestApi; 28 import android.annotation.UserIdInt; 29 import android.annotation.WorkerThread; 30 import android.app.Activity; 31 import android.app.ActivityManager; 32 import android.app.admin.DevicePolicyManager; 33 import android.content.ComponentName; 34 import android.content.Context; 35 import android.content.Intent; 36 import android.content.IntentFilter; 37 import android.content.IntentSender; 38 import android.content.pm.UserInfo; 39 import android.content.res.Resources; 40 import android.graphics.Bitmap; 41 import android.graphics.BitmapFactory; 42 import android.graphics.Rect; 43 import android.graphics.drawable.Drawable; 44 import android.provider.Settings; 45 import android.telephony.TelephonyManager; 46 import android.view.WindowManager.LayoutParams; 47 48 import com.android.internal.R; 49 import com.android.internal.os.RoSystemProperties; 50 51 import java.io.IOException; 52 import java.lang.annotation.Retention; 53 import java.lang.annotation.RetentionPolicy; 54 import java.util.ArrayList; 55 import java.util.List; 56 57 /** 58 * Manages users and user details on a multi-user system. There are two major categories of 59 * users: fully customizable users with their own login, and managed profiles that share a workspace 60 * with a related user. 61 * <p> 62 * Users are different from accounts, which are managed by 63 * {@link AccountManager}. Each user can have their own set of accounts. 64 * <p> 65 * See {@link DevicePolicyManager#ACTION_PROVISION_MANAGED_PROFILE} for more on managed profiles. 66 */ 67 @SystemService(Context.USER_SERVICE) 68 public class UserManager { 69 70 private static final String TAG = "UserManager"; 71 private final IUserManager mService; 72 private final Context mContext; 73 74 private Boolean mIsManagedProfileCached; 75 76 /** 77 * @hide 78 * No user restriction. 79 */ 80 @SystemApi 81 public static final int RESTRICTION_NOT_SET = 0x0; 82 83 /** 84 * @hide 85 * User restriction set by system/user. 86 */ 87 @SystemApi 88 public static final int RESTRICTION_SOURCE_SYSTEM = 0x1; 89 90 /** 91 * @hide 92 * User restriction set by a device owner. 93 */ 94 @SystemApi 95 public static final int RESTRICTION_SOURCE_DEVICE_OWNER = 0x2; 96 97 /** 98 * @hide 99 * User restriction set by a profile owner. 100 */ 101 @SystemApi 102 public static final int RESTRICTION_SOURCE_PROFILE_OWNER = 0x4; 103 104 /** @hide */ 105 @Retention(RetentionPolicy.SOURCE) 106 @IntDef(flag=true, value={RESTRICTION_NOT_SET, RESTRICTION_SOURCE_SYSTEM, 107 RESTRICTION_SOURCE_DEVICE_OWNER, RESTRICTION_SOURCE_PROFILE_OWNER}) 108 @SystemApi 109 public @interface UserRestrictionSource {} 110 111 /** 112 * Specifies if a user is disallowed from adding and removing accounts, unless they are 113 * {@link android.accounts.AccountManager#addAccountExplicitly programmatically} added by 114 * Authenticator. 115 * The default value is <code>false</code>. 116 * 117 * <p>From {@link android.os.Build.VERSION_CODES#N} a profile or device owner app can still 118 * use {@link android.accounts.AccountManager} APIs to add or remove accounts when account 119 * management is disallowed. 120 * 121 * <p>Key for user restrictions. 122 * <p>Type: Boolean 123 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 124 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 125 * @see #getUserRestrictions() 126 */ 127 public static final String DISALLOW_MODIFY_ACCOUNTS = "no_modify_accounts"; 128 129 /** 130 * Specifies if a user is disallowed from changing Wi-Fi 131 * access points. The default value is <code>false</code>. 132 * <p>This restriction has no effect in a managed profile. 133 * 134 * <p>Key for user restrictions. 135 * <p>Type: Boolean 136 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 137 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 138 * @see #getUserRestrictions() 139 */ 140 public static final String DISALLOW_CONFIG_WIFI = "no_config_wifi"; 141 142 /** 143 * Specifies if a user is disallowed from installing applications. 144 * The default value is <code>false</code>. 145 * 146 * <p>Key for user restrictions. 147 * <p>Type: Boolean 148 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 149 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 150 * @see #getUserRestrictions() 151 */ 152 public static final String DISALLOW_INSTALL_APPS = "no_install_apps"; 153 154 /** 155 * Specifies if a user is disallowed from uninstalling applications. 156 * The default value is <code>false</code>. 157 * 158 * <p>Key for user restrictions. 159 * <p>Type: Boolean 160 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 161 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 162 * @see #getUserRestrictions() 163 */ 164 public static final String DISALLOW_UNINSTALL_APPS = "no_uninstall_apps"; 165 166 /** 167 * Specifies if a user is disallowed from turning on location sharing. 168 * The default value is <code>false</code>. 169 * <p>In a managed profile, location sharing always reflects the primary user's setting, but 170 * can be overridden and forced off by setting this restriction to true in the managed profile. 171 * 172 * <p>Key for user restrictions. 173 * <p>Type: Boolean 174 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 175 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 176 * @see #getUserRestrictions() 177 */ 178 public static final String DISALLOW_SHARE_LOCATION = "no_share_location"; 179 180 /** 181 * Specifies if a user is disallowed from enabling the 182 * "Unknown Sources" setting, that allows installation of apps from unknown sources. 183 * The default value is <code>false</code>. 184 * 185 * <p>Key for user restrictions. 186 * <p>Type: Boolean 187 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 188 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 189 * @see #getUserRestrictions() 190 */ 191 public static final String DISALLOW_INSTALL_UNKNOWN_SOURCES = "no_install_unknown_sources"; 192 193 /** 194 * Specifies if a user is disallowed from configuring bluetooth. 195 * This does <em>not</em> restrict the user from turning bluetooth on or off. 196 * The default value is <code>false</code>. 197 * <p>This restriction doesn't prevent the user from using bluetooth. For disallowing usage of 198 * bluetooth completely on the device, use {@link #DISALLOW_BLUETOOTH}. 199 * <p>This restriction has no effect in a managed profile. 200 * 201 * <p>Key for user restrictions. 202 * <p>Type: Boolean 203 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 204 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 205 * @see #getUserRestrictions() 206 */ 207 public static final String DISALLOW_CONFIG_BLUETOOTH = "no_config_bluetooth"; 208 209 /** 210 * Specifies if bluetooth is disallowed on the device. 211 * 212 * <p> This restriction can only be set by the device owner and the profile owner on the 213 * primary user and it applies globally - i.e. it disables bluetooth on the entire device. 214 * <p>The default value is <code>false</code>. 215 * <p>Key for user restrictions. 216 * <p>Type: Boolean 217 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 218 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 219 * @see #getUserRestrictions() 220 */ 221 public static final String DISALLOW_BLUETOOTH = "no_bluetooth"; 222 223 /** 224 * Specifies if outgoing bluetooth sharing is disallowed on the device. Device owner and profile 225 * owner can set this restriction. When it is set by device owner, all users on this device will 226 * be affected. 227 * 228 * <p>Default is <code>true</code> for managed profiles and false for otherwise. When a device 229 * upgrades to {@link android.os.Build.VERSION_CODES#O}, the system sets it for all existing 230 * managed profiles. 231 * 232 * <p>Key for user restrictions. 233 * <p>Type: Boolean 234 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 235 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 236 * @see #getUserRestrictions() 237 */ 238 public static final String DISALLOW_BLUETOOTH_SHARING = "no_bluetooth_sharing"; 239 240 /** 241 * Specifies if a user is disallowed from transferring files over 242 * USB. This can only be set by device owners and profile owners on the primary user. 243 * The default value is <code>false</code>. 244 * 245 * <p>Key for user restrictions. 246 * <p>Type: Boolean 247 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 248 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 249 * @see #getUserRestrictions() 250 */ 251 public static final String DISALLOW_USB_FILE_TRANSFER = "no_usb_file_transfer"; 252 253 /** 254 * Specifies if a user is disallowed from configuring user 255 * credentials. The default value is <code>false</code>. 256 * 257 * <p>Key for user restrictions. 258 * <p>Type: Boolean 259 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 260 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 261 * @see #getUserRestrictions() 262 */ 263 public static final String DISALLOW_CONFIG_CREDENTIALS = "no_config_credentials"; 264 265 /** 266 * When set on the primary user this specifies if the user can remove other users. 267 * When set on a secondary user, this specifies if the user can remove itself. 268 * This restriction has no effect on managed profiles. 269 * The default value is <code>false</code>. 270 * 271 * <p>Key for user restrictions. 272 * <p>Type: Boolean 273 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 274 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 275 * @see #getUserRestrictions() 276 */ 277 public static final String DISALLOW_REMOVE_USER = "no_remove_user"; 278 279 /** 280 * Specifies if managed profiles of this user can be removed, other than by its profile owner. 281 * The default value is <code>false</code>. 282 * <p> 283 * This restriction has no effect on managed profiles. 284 * 285 * <p>Key for user restrictions. 286 * <p>Type: Boolean 287 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 288 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 289 * @see #getUserRestrictions() 290 */ 291 public static final String DISALLOW_REMOVE_MANAGED_PROFILE = "no_remove_managed_profile"; 292 293 /** 294 * Specifies if a user is disallowed from enabling or 295 * accessing debugging features. The default value is <code>false</code>. 296 * 297 * <p>Key for user restrictions. 298 * <p>Type: Boolean 299 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 300 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 301 * @see #getUserRestrictions() 302 */ 303 public static final String DISALLOW_DEBUGGING_FEATURES = "no_debugging_features"; 304 305 /** 306 * Specifies if a user is disallowed from configuring a VPN. The default value is 307 * <code>false</code>. This restriction has an effect when set by device owners and, in Android 308 * 6.0 ({@linkplain android.os.Build.VERSION_CODES#M API level 23}) or higher, profile owners. 309 * <p>This restriction also prevents VPNs from starting. However, in Android 7.0 310 * ({@linkplain android.os.Build.VERSION_CODES#N API level 24}) or higher, the system does 311 * start always-on VPNs created by the device or profile owner. 312 * 313 * <p>Key for user restrictions. 314 * <p>Type: Boolean 315 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 316 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 317 * @see #getUserRestrictions() 318 */ 319 public static final String DISALLOW_CONFIG_VPN = "no_config_vpn"; 320 321 /** 322 * Specifies if a user is disallowed from configuring Tethering 323 * & portable hotspots. This can only be set by device owners and profile owners on the 324 * primary user. The default value is <code>false</code>. 325 * 326 * <p>Key for user restrictions. 327 * <p>Type: Boolean 328 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 329 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 330 * @see #getUserRestrictions() 331 */ 332 public static final String DISALLOW_CONFIG_TETHERING = "no_config_tethering"; 333 334 /** 335 * Specifies if a user is disallowed from resetting network settings 336 * from Settings. This can only be set by device owners and profile owners on the primary user. 337 * The default value is <code>false</code>. 338 * <p>This restriction has no effect on secondary users and managed profiles since only the 339 * primary user can reset the network settings of the device. 340 * 341 * <p>Key for user restrictions. 342 * <p>Type: Boolean 343 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 344 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 345 * @see #getUserRestrictions() 346 */ 347 public static final String DISALLOW_NETWORK_RESET = "no_network_reset"; 348 349 /** 350 * Specifies if a user is disallowed from factory resetting 351 * from Settings. This can only be set by device owners and profile owners on the primary user. 352 * The default value is <code>false</code>. 353 * <p>This restriction has no effect on secondary users and managed profiles since only the 354 * primary user can factory reset the device. 355 * 356 * <p>Key for user restrictions. 357 * <p>Type: Boolean 358 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 359 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 360 * @see #getUserRestrictions() 361 */ 362 public static final String DISALLOW_FACTORY_RESET = "no_factory_reset"; 363 364 /** 365 * Specifies if a user is disallowed from adding new users. This can only be set by device 366 * owners and profile owners on the primary user. 367 * The default value is <code>false</code>. 368 * <p>This restriction has no effect on secondary users and managed profiles since only the 369 * primary user can add other users. 370 * 371 * <p>Key for user restrictions. 372 * <p>Type: Boolean 373 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 374 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 375 * @see #getUserRestrictions() 376 */ 377 public static final String DISALLOW_ADD_USER = "no_add_user"; 378 379 /** 380 * Specifies if a user is disallowed from adding managed profiles. 381 * <p>The default value for an unmanaged user is <code>false</code>. 382 * For users with a device owner set, the default is <code>true</code>. 383 * <p>This restriction has no effect on managed profiles. 384 * 385 * <p>Key for user restrictions. 386 * <p>Type: Boolean 387 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 388 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 389 * @see #getUserRestrictions() 390 */ 391 public static final String DISALLOW_ADD_MANAGED_PROFILE = "no_add_managed_profile"; 392 393 /** 394 * Specifies if a user is disallowed from disabling application verification. The default 395 * value is <code>false</code>. 396 * 397 * <p>In Android 8.0 ({@linkplain android.os.Build.VERSION_CODES#O API level 26}) and higher, 398 * this is a global user restriction. If a device owner or profile owner sets this restriction, 399 * the system enforces app verification across all users on the device. Running in earlier 400 * Android versions, this restriction affects only the profile that sets it. 401 * 402 * <p>Key for user restrictions. 403 * <p>Type: Boolean 404 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 405 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 406 * @see #getUserRestrictions() 407 */ 408 public static final String ENSURE_VERIFY_APPS = "ensure_verify_apps"; 409 410 /** 411 * Specifies if a user is disallowed from configuring cell 412 * broadcasts. This can only be set by device owners and profile owners on the primary user. 413 * The default value is <code>false</code>. 414 * <p>This restriction has no effect on secondary users and managed profiles since only the 415 * primary user can configure cell broadcasts. 416 * 417 * <p>Key for user restrictions. 418 * <p>Type: Boolean 419 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 420 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 421 * @see #getUserRestrictions() 422 */ 423 public static final String DISALLOW_CONFIG_CELL_BROADCASTS = "no_config_cell_broadcasts"; 424 425 /** 426 * Specifies if a user is disallowed from configuring mobile 427 * networks. This can only be set by device owners and profile owners on the primary user. 428 * The default value is <code>false</code>. 429 * <p>This restriction has no effect on secondary users and managed profiles since only the 430 * primary user can configure mobile networks. 431 * 432 * <p>Key for user restrictions. 433 * <p>Type: Boolean 434 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 435 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 436 * @see #getUserRestrictions() 437 */ 438 public static final String DISALLOW_CONFIG_MOBILE_NETWORKS = "no_config_mobile_networks"; 439 440 /** 441 * Specifies if a user is disallowed from modifying 442 * applications in Settings or launchers. The following actions will not be allowed when this 443 * restriction is enabled: 444 * <li>uninstalling apps</li> 445 * <li>disabling apps</li> 446 * <li>clearing app caches</li> 447 * <li>clearing app data</li> 448 * <li>force stopping apps</li> 449 * <li>clearing app defaults</li> 450 * <p> 451 * The default value is <code>false</code>. 452 * 453 * <p><strong>Note:</strong> The user will still be able to perform those actions via other 454 * means (such as adb). Third party apps will also be able to uninstall apps via the 455 * {@link android.content.pm.PackageInstaller}. {@link #DISALLOW_UNINSTALL_APPS} or 456 * {@link DevicePolicyManager#setUninstallBlocked(ComponentName, String, boolean)} should be 457 * used to prevent the user from uninstalling apps completely, and 458 * {@link DevicePolicyManager#addPersistentPreferredActivity(ComponentName, IntentFilter, ComponentName)} 459 * to add a default intent handler for a given intent filter. 460 * 461 * <p>Key for user restrictions. 462 * <p>Type: Boolean 463 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 464 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 465 * @see #getUserRestrictions() 466 */ 467 public static final String DISALLOW_APPS_CONTROL = "no_control_apps"; 468 469 /** 470 * Specifies if a user is disallowed from mounting 471 * physical external media. This can only be set by device owners and profile owners on the 472 * primary user. The default value is <code>false</code>. 473 * 474 * <p>Key for user restrictions. 475 * <p>Type: Boolean 476 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 477 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 478 * @see #getUserRestrictions() 479 */ 480 public static final String DISALLOW_MOUNT_PHYSICAL_MEDIA = "no_physical_media"; 481 482 /** 483 * Specifies if a user is disallowed from adjusting microphone volume. If set, the microphone 484 * will be muted. This can be set by device owners and profile owners. The default value is 485 * <code>false</code>. 486 * 487 * <p>This restriction has no effect on managed profiles. 488 * <p>Key for user restrictions. 489 * <p>Type: Boolean 490 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 491 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 492 * @see #getUserRestrictions() 493 */ 494 public static final String DISALLOW_UNMUTE_MICROPHONE = "no_unmute_microphone"; 495 496 /** 497 * Specifies if a user is disallowed from adjusting the master volume. If set, the master volume 498 * will be muted. This can be set by device owners and profile owners. The default value is 499 * <code>false</code>. 500 * 501 * <p>This restriction has no effect on managed profiles. 502 * <p>Key for user restrictions. 503 * <p>Type: Boolean 504 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 505 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 506 * @see #getUserRestrictions() 507 */ 508 public static final String DISALLOW_ADJUST_VOLUME = "no_adjust_volume"; 509 510 /** 511 * Specifies that the user is not allowed to make outgoing 512 * phone calls. Emergency calls are still permitted. 513 * The default value is <code>false</code>. 514 * <p>This restriction has no effect on managed profiles. 515 * 516 * <p>Key for user restrictions. 517 * <p>Type: Boolean 518 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 519 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 520 * @see #getUserRestrictions() 521 */ 522 public static final String DISALLOW_OUTGOING_CALLS = "no_outgoing_calls"; 523 524 /** 525 * Specifies that the user is not allowed to send or receive 526 * SMS messages. The default value is <code>false</code>. 527 * 528 * <p>Key for user restrictions. 529 * <p>Type: Boolean 530 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 531 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 532 * @see #getUserRestrictions() 533 */ 534 public static final String DISALLOW_SMS = "no_sms"; 535 536 /** 537 * Specifies if the user is not allowed to have fun. In some cases, the 538 * device owner may wish to prevent the user from experiencing amusement or 539 * joy while using the device. The default value is <code>false</code>. 540 * 541 * <p>Key for user restrictions. 542 * <p>Type: Boolean 543 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 544 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 545 * @see #getUserRestrictions() 546 */ 547 public static final String DISALLOW_FUN = "no_fun"; 548 549 /** 550 * Specifies that windows besides app windows should not be 551 * created. This will block the creation of the following types of windows. 552 * <li>{@link LayoutParams#TYPE_TOAST}</li> 553 * <li>{@link LayoutParams#TYPE_PHONE}</li> 554 * <li>{@link LayoutParams#TYPE_PRIORITY_PHONE}</li> 555 * <li>{@link LayoutParams#TYPE_SYSTEM_ALERT}</li> 556 * <li>{@link LayoutParams#TYPE_SYSTEM_ERROR}</li> 557 * <li>{@link LayoutParams#TYPE_SYSTEM_OVERLAY}</li> 558 * <li>{@link LayoutParams#TYPE_APPLICATION_OVERLAY}</li> 559 * 560 * <p>This can only be set by device owners and profile owners on the primary user. 561 * The default value is <code>false</code>. 562 * 563 * <p>Key for user restrictions. 564 * <p>Type: Boolean 565 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 566 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 567 * @see #getUserRestrictions() 568 */ 569 public static final String DISALLOW_CREATE_WINDOWS = "no_create_windows"; 570 571 /** 572 * Specifies if what is copied in the clipboard of this profile can 573 * be pasted in related profiles. Does not restrict if the clipboard of related profiles can be 574 * pasted in this profile. 575 * The default value is <code>false</code>. 576 * 577 * <p>Key for user restrictions. 578 * <p>Type: Boolean 579 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 580 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 581 * @see #getUserRestrictions() 582 */ 583 public static final String DISALLOW_CROSS_PROFILE_COPY_PASTE = "no_cross_profile_copy_paste"; 584 585 /** 586 * Specifies if the user is not allowed to use NFC to beam out data from apps. 587 * The default value is <code>false</code>. 588 * 589 * <p>Key for user restrictions. 590 * <p>Type: Boolean 591 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 592 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 593 * @see #getUserRestrictions() 594 */ 595 public static final String DISALLOW_OUTGOING_BEAM = "no_outgoing_beam"; 596 597 /** 598 * Hidden user restriction to disallow access to wallpaper manager APIs. This restriction 599 * generally means that wallpapers are not supported for the particular user. This user 600 * restriction is always set for managed profiles, because such profiles don't have wallpapers. 601 * @hide 602 * @see #DISALLOW_SET_WALLPAPER 603 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 604 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 605 * @see #getUserRestrictions() 606 */ 607 public static final String DISALLOW_WALLPAPER = "no_wallpaper"; 608 609 /** 610 * User restriction to disallow setting a wallpaper. Profile owner and device owner 611 * are able to set wallpaper regardless of this restriction. 612 * The default value is <code>false</code>. 613 * 614 * <p>Key for user restrictions. 615 * <p>Type: Boolean 616 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 617 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 618 * @see #getUserRestrictions() 619 */ 620 public static final String DISALLOW_SET_WALLPAPER = "no_set_wallpaper"; 621 622 /** 623 * Specifies if the user is not allowed to reboot the device into safe boot mode. 624 * This can only be set by device owners and profile owners on the primary user. 625 * The default value is <code>false</code>. 626 * 627 * <p>Key for user restrictions. 628 * <p>Type: Boolean 629 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 630 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 631 * @see #getUserRestrictions() 632 */ 633 public static final String DISALLOW_SAFE_BOOT = "no_safe_boot"; 634 635 /** 636 * Specifies if a user is not allowed to record audio. This restriction is always enabled for 637 * background users. The default value is <code>false</code>. 638 * 639 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 640 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 641 * @see #getUserRestrictions() 642 * @hide 643 */ 644 public static final String DISALLOW_RECORD_AUDIO = "no_record_audio"; 645 646 /** 647 * Specifies if a user is not allowed to run in the background and should be stopped during 648 * user switch. The default value is <code>false</code>. 649 * 650 * <p>This restriction can be set by device owners and profile owners. 651 * 652 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 653 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 654 * @see #getUserRestrictions() 655 * @hide 656 */ 657 public static final String DISALLOW_RUN_IN_BACKGROUND = "no_run_in_background"; 658 659 /** 660 * Specifies if a user is not allowed to use the camera. 661 * 662 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 663 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 664 * @see #getUserRestrictions() 665 * @hide 666 */ 667 public static final String DISALLOW_CAMERA = "no_camera"; 668 669 /** 670 * Specifies if a user is not allowed to unmute the device's master volume. 671 * 672 * @see DevicePolicyManager#setMasterVolumeMuted(ComponentName, boolean) 673 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 674 * @see #getUserRestrictions() 675 * @hide 676 */ 677 public static final String DISALLOW_UNMUTE_DEVICE = "disallow_unmute_device"; 678 679 /** 680 * Specifies if a user is not allowed to use cellular data when roaming. This can only be set by 681 * device owners. The default value is <code>false</code>. 682 * 683 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 684 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 685 * @see #getUserRestrictions() 686 */ 687 public static final String DISALLOW_DATA_ROAMING = "no_data_roaming"; 688 689 /** 690 * Specifies if a user is not allowed to change their icon. Device owner and profile owner 691 * can set this restriction. When it is set by device owner, only the target user will be 692 * affected. The default value is <code>false</code>. 693 * 694 * <p>Key for user restrictions. 695 * <p>Type: Boolean 696 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 697 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 698 * @see #getUserRestrictions() 699 */ 700 public static final String DISALLOW_SET_USER_ICON = "no_set_user_icon"; 701 702 /** 703 * Specifies if a user is not allowed to enable the oem unlock setting. The default value is 704 * <code>false</code>. Setting this restriction has no effect if the bootloader is already 705 * unlocked. 706 * 707 * <p>Not for use by third-party applications. 708 * 709 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 710 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 711 * @see #getUserRestrictions() 712 * @deprecated use {@link OemLockManager#setOemUnlockAllowedByCarrier(boolean, byte[])} instead. 713 * @hide 714 */ 715 @Deprecated 716 @SystemApi 717 public static final String DISALLOW_OEM_UNLOCK = "no_oem_unlock"; 718 719 /** 720 * Allows apps in the parent profile to handle web links from the managed profile. 721 * 722 * This user restriction has an effect only in a managed profile. 723 * If set: 724 * Intent filters of activities in the parent profile with action 725 * {@link android.content.Intent#ACTION_VIEW}, 726 * category {@link android.content.Intent#CATEGORY_BROWSABLE}, scheme http or https, and which 727 * define a host can handle intents from the managed profile. 728 * The default value is <code>false</code>. 729 * 730 * <p>Key for user restrictions. 731 * <p>Type: Boolean 732 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 733 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 734 * @see #getUserRestrictions() 735 */ 736 public static final String ALLOW_PARENT_PROFILE_APP_LINKING 737 = "allow_parent_profile_app_linking"; 738 739 /** 740 * Specifies if a user is not allowed to use Autofill Services. 741 * 742 * <p>Device owner and profile owner can set this restriction. When it is set by device owner, 743 * only the target user will be affected. 744 * 745 * <p>The default value is <code>false</code>. 746 * 747 * @see DevicePolicyManager#addUserRestriction(ComponentName, String) 748 * @see DevicePolicyManager#clearUserRestriction(ComponentName, String) 749 * @see #getUserRestrictions() 750 */ 751 public static final String DISALLOW_AUTOFILL = "no_autofill"; 752 753 /** 754 * Application restriction key that is used to indicate the pending arrival 755 * of real restrictions for the app. 756 * 757 * <p> 758 * Applications that support restrictions should check for the presence of this key. 759 * A <code>true</code> value indicates that restrictions may be applied in the near 760 * future but are not available yet. It is the responsibility of any 761 * management application that sets this flag to update it when the final 762 * restrictions are enforced. 763 * 764 * <p>Key for application restrictions. 765 * <p>Type: Boolean 766 * @see android.app.admin.DevicePolicyManager#setApplicationRestrictions( 767 * android.content.ComponentName, String, Bundle) 768 * @see android.app.admin.DevicePolicyManager#getApplicationRestrictions( 769 * android.content.ComponentName, String) 770 */ 771 public static final String KEY_RESTRICTIONS_PENDING = "restrictions_pending"; 772 773 private static final String ACTION_CREATE_USER = "android.os.action.CREATE_USER"; 774 775 /** 776 * Extra containing a name for the user being created. Optional parameter passed to 777 * ACTION_CREATE_USER activity. 778 * @hide 779 */ 780 public static final String EXTRA_USER_NAME = "android.os.extra.USER_NAME"; 781 782 /** 783 * Extra containing account name for the user being created. Optional parameter passed to 784 * ACTION_CREATE_USER activity. 785 * @hide 786 */ 787 public static final String EXTRA_USER_ACCOUNT_NAME = "android.os.extra.USER_ACCOUNT_NAME"; 788 789 /** 790 * Extra containing account type for the user being created. Optional parameter passed to 791 * ACTION_CREATE_USER activity. 792 * @hide 793 */ 794 public static final String EXTRA_USER_ACCOUNT_TYPE = "android.os.extra.USER_ACCOUNT_TYPE"; 795 796 /** 797 * Extra containing account-specific data for the user being created. Optional parameter passed 798 * to ACTION_CREATE_USER activity. 799 * @hide 800 */ 801 public static final String EXTRA_USER_ACCOUNT_OPTIONS 802 = "android.os.extra.USER_ACCOUNT_OPTIONS"; 803 804 /** @hide */ 805 public static final int PIN_VERIFICATION_FAILED_INCORRECT = -3; 806 /** @hide */ 807 public static final int PIN_VERIFICATION_FAILED_NOT_SET = -2; 808 /** @hide */ 809 public static final int PIN_VERIFICATION_SUCCESS = -1; 810 811 /** 812 * Sent when user restrictions have changed. 813 * 814 * @hide 815 */ 816 @SystemApi 817 @TestApi // To allow seeing it from CTS. 818 public static final String ACTION_USER_RESTRICTIONS_CHANGED = 819 "android.os.action.USER_RESTRICTIONS_CHANGED"; 820 821 /** 822 * Error result indicating that this user is not allowed to add other users on this device. 823 * This is a result code returned from the activity created by the intent 824 * {@link #createUserCreationIntent(String, String, String, PersistableBundle)}. 825 */ 826 public static final int USER_CREATION_FAILED_NOT_PERMITTED = Activity.RESULT_FIRST_USER; 827 828 /** 829 * Error result indicating that no more users can be created on this device. 830 * This is a result code returned from the activity created by the intent 831 * {@link #createUserCreationIntent(String, String, String, PersistableBundle)}. 832 */ 833 public static final int USER_CREATION_FAILED_NO_MORE_USERS = Activity.RESULT_FIRST_USER + 1; 834 835 /** @hide */ 836 public static UserManager get(Context context) { 837 return (UserManager) context.getSystemService(Context.USER_SERVICE); 838 } 839 840 /** @hide */ 841 public UserManager(Context context, IUserManager service) { 842 mService = service; 843 mContext = context.getApplicationContext(); 844 } 845 846 /** 847 * Returns whether this device supports multiple users with their own login and customizable 848 * space. 849 * @return whether the device supports multiple users. 850 */ 851 public static boolean supportsMultipleUsers() { 852 return getMaxSupportedUsers() > 1 853 && SystemProperties.getBoolean("fw.show_multiuserui", 854 Resources.getSystem().getBoolean(R.bool.config_enableMultiUserUI)); 855 } 856 857 /** 858 * @hide 859 * @return Whether the device is running with split system user. It means the system user and 860 * primary user are two separate users. Previously system user and primary user are combined as 861 * a single owner user. see @link {android.os.UserHandle#USER_OWNER} 862 */ 863 public static boolean isSplitSystemUser() { 864 return RoSystemProperties.FW_SYSTEM_USER_SPLIT; 865 } 866 867 /** 868 * @return Whether guest user is always ephemeral 869 * @hide 870 */ 871 public static boolean isGuestUserEphemeral() { 872 return Resources.getSystem() 873 .getBoolean(com.android.internal.R.bool.config_guestUserEphemeral); 874 } 875 876 /** 877 * Returns whether switching users is currently allowed. 878 * <p>For instance switching users is not allowed if the current user is in a phone call, 879 * or system user hasn't been unlocked yet 880 * @hide 881 */ 882 public boolean canSwitchUsers() { 883 boolean allowUserSwitchingWhenSystemUserLocked = Settings.Global.getInt( 884 mContext.getContentResolver(), 885 Settings.Global.ALLOW_USER_SWITCHING_WHEN_SYSTEM_USER_LOCKED, 0) != 0; 886 boolean isSystemUserUnlocked = isUserUnlocked(UserHandle.SYSTEM); 887 boolean inCall = TelephonyManager.getDefault().getCallState() 888 != TelephonyManager.CALL_STATE_IDLE; 889 return (allowUserSwitchingWhenSystemUserLocked || isSystemUserUnlocked) && !inCall; 890 } 891 892 /** 893 * Returns the user handle for the user that this process is running under. 894 * 895 * @return the user handle of this process. 896 * @hide 897 */ 898 public @UserIdInt int getUserHandle() { 899 return UserHandle.myUserId(); 900 } 901 902 /** 903 * Returns the user name of the user making this call. This call is only 904 * available to applications on the system image; it requires the 905 * MANAGE_USERS permission. 906 * @return the user name 907 */ 908 public String getUserName() { 909 UserInfo user = getUserInfo(getUserHandle()); 910 return user == null ? "" : user.name; 911 } 912 913 /** 914 * Returns whether user name has been set. 915 * <p>This method can be used to check that the value returned by {@link #getUserName()} was 916 * set by the user and is not a placeholder string provided by the system. 917 * @hide 918 */ 919 public boolean isUserNameSet() { 920 try { 921 return mService.isUserNameSet(getUserHandle()); 922 } catch (RemoteException re) { 923 throw re.rethrowFromSystemServer(); 924 } 925 } 926 927 /** 928 * Used to determine whether the user making this call is subject to 929 * teleportations. 930 * 931 * <p>As of {@link android.os.Build.VERSION_CODES#LOLLIPOP}, this method can 932 * now automatically identify goats using advanced goat recognition technology.</p> 933 * 934 * @return Returns true if the user making this call is a goat. 935 */ 936 public boolean isUserAGoat() { 937 return mContext.getPackageManager() 938 .isPackageAvailable("com.coffeestainstudios.goatsimulator"); 939 } 940 941 /** 942 * Used to check if this process is running under the primary user. The primary user 943 * is the first human user on a device. 944 * 945 * @return whether this process is running under the primary user. 946 * @hide 947 */ 948 public boolean isPrimaryUser() { 949 UserInfo user = getUserInfo(UserHandle.myUserId()); 950 return user != null && user.isPrimary(); 951 } 952 953 /** 954 * Used to check if this process is running under the system user. The system user 955 * is the initial user that is implicitly created on first boot and hosts most of the 956 * system services. 957 * 958 * @return whether this process is running under the system user. 959 */ 960 public boolean isSystemUser() { 961 return UserHandle.myUserId() == UserHandle.USER_SYSTEM; 962 } 963 964 /** 965 * @hide 966 * Returns whether the caller is running as an admin user. There can be more than one admin 967 * user. 968 */ 969 public boolean isAdminUser() { 970 return isUserAdmin(UserHandle.myUserId()); 971 } 972 973 /** 974 * @hide 975 * Returns whether the provided user is an admin user. There can be more than one admin 976 * user. 977 */ 978 public boolean isUserAdmin(@UserIdInt int userId) { 979 UserInfo user = getUserInfo(userId); 980 return user != null && user.isAdmin(); 981 } 982 983 /** 984 * Used to check if the user making this call is linked to another user. Linked users may have 985 * a reduced number of available apps, app restrictions and account restrictions. 986 * @return whether the user making this call is a linked user 987 * @hide 988 */ 989 public boolean isLinkedUser() { 990 try { 991 return mService.isRestricted(); 992 } catch (RemoteException re) { 993 throw re.rethrowFromSystemServer(); 994 } 995 } 996 997 /** 998 * Checks if specified user can have restricted profile. 999 * @hide 1000 */ 1001 public boolean canHaveRestrictedProfile(@UserIdInt int userId) { 1002 try { 1003 return mService.canHaveRestrictedProfile(userId); 1004 } catch (RemoteException re) { 1005 throw re.rethrowFromSystemServer(); 1006 } 1007 } 1008 1009 /** 1010 * Checks if a user is a guest user. 1011 * @return whether user is a guest user. 1012 * @hide 1013 */ 1014 public boolean isGuestUser(int id) { 1015 UserInfo user = getUserInfo(id); 1016 return user != null && user.isGuest(); 1017 } 1018 1019 /** 1020 * Checks if the calling app is running as a guest user. 1021 * @return whether the caller is a guest user. 1022 * @hide 1023 */ 1024 public boolean isGuestUser() { 1025 UserInfo user = getUserInfo(UserHandle.myUserId()); 1026 return user != null && user.isGuest(); 1027 } 1028 1029 /** 1030 * Checks if the calling app is running in a demo user. When running in a demo user, 1031 * apps can be more helpful to the user, or explain their features in more detail. 1032 * 1033 * @return whether the caller is a demo user. 1034 */ 1035 public boolean isDemoUser() { 1036 try { 1037 return mService.isDemoUser(UserHandle.myUserId()); 1038 } catch (RemoteException re) { 1039 throw re.rethrowFromSystemServer(); 1040 } 1041 } 1042 1043 /** 1044 * Checks if the calling app is running in a managed profile. 1045 * 1046 * @return whether the caller is in a managed profile. 1047 * @hide 1048 */ 1049 @SystemApi 1050 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 1051 public boolean isManagedProfile() { 1052 // No need for synchronization. Once it becomes non-null, it'll be non-null forever. 1053 // Worst case we might end up calling the AIDL method multiple times but that's fine. 1054 if (mIsManagedProfileCached != null) { 1055 return mIsManagedProfileCached; 1056 } 1057 try { 1058 mIsManagedProfileCached = mService.isManagedProfile(UserHandle.myUserId()); 1059 return mIsManagedProfileCached; 1060 } catch (RemoteException re) { 1061 throw re.rethrowFromSystemServer(); 1062 } 1063 } 1064 1065 /** 1066 * Checks if the specified user is a managed profile. 1067 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission, otherwise the caller 1068 * must be in the same profile group of specified user. 1069 * 1070 * @return whether the specified user is a managed profile. 1071 * @hide 1072 */ 1073 @SystemApi 1074 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 1075 public boolean isManagedProfile(@UserIdInt int userId) { 1076 if (userId == UserHandle.myUserId()) { 1077 return isManagedProfile(); 1078 } 1079 try { 1080 return mService.isManagedProfile(userId); 1081 } catch (RemoteException re) { 1082 throw re.rethrowFromSystemServer(); 1083 } 1084 } 1085 1086 /** 1087 * Gets badge for a managed profile. 1088 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission, otherwise the caller 1089 * must be in the same profile group of specified user. 1090 * 1091 * @return which badge to use for the managed profile badge id will be less than 1092 * UserManagerService.getMaxManagedProfiles() 1093 * @hide 1094 */ 1095 public int getManagedProfileBadge(@UserIdInt int userId) { 1096 try { 1097 return mService.getManagedProfileBadge(userId); 1098 } catch (RemoteException re) { 1099 throw re.rethrowFromSystemServer(); 1100 } 1101 } 1102 1103 /** 1104 * Checks if the calling app is running as an ephemeral user. 1105 * 1106 * @return whether the caller is an ephemeral user. 1107 * @hide 1108 */ 1109 public boolean isEphemeralUser() { 1110 return isUserEphemeral(UserHandle.myUserId()); 1111 } 1112 1113 /** 1114 * Returns whether the specified user is ephemeral. 1115 * @hide 1116 */ 1117 public boolean isUserEphemeral(@UserIdInt int userId) { 1118 final UserInfo user = getUserInfo(userId); 1119 return user != null && user.isEphemeral(); 1120 } 1121 1122 /** 1123 * Return whether the given user is actively running. This means that 1124 * the user is in the "started" state, not "stopped" -- it is currently 1125 * allowed to run code through scheduled alarms, receiving broadcasts, 1126 * etc. A started user may be either the current foreground user or a 1127 * background user; the result here does not distinguish between the two. 1128 * 1129 * <p>Note prior to Android Nougat MR1 (SDK version <= 24; 1130 * {@link android.os.Build.VERSION_CODES#N), this API required a system permission 1131 * in order to check other profile's status. 1132 * Since Android Nougat MR1 (SDK version >= 25; 1133 * {@link android.os.Build.VERSION_CODES#N_MR1)), the restriction has been relaxed, and now 1134 * it'll accept any {@link UserHandle} within the same profile group as the caller. 1135 * 1136 * @param user The user to retrieve the running state for. 1137 */ 1138 // Note this requires either INTERACT_ACROSS_USERS or MANAGE_USERS. 1139 public boolean isUserRunning(UserHandle user) { 1140 return isUserRunning(user.getIdentifier()); 1141 } 1142 1143 /** {@hide} */ 1144 public boolean isUserRunning(@UserIdInt int userId) { 1145 try { 1146 return mService.isUserRunning(userId); 1147 } catch (RemoteException re) { 1148 throw re.rethrowFromSystemServer(); 1149 } 1150 } 1151 1152 /** 1153 * Return whether the given user is actively running <em>or</em> stopping. 1154 * This is like {@link #isUserRunning(UserHandle)}, but will also return 1155 * true if the user had been running but is in the process of being stopped 1156 * (but is not yet fully stopped, and still running some code). 1157 * 1158 * <p>Note prior to Android Nougat MR1 (SDK version <= 24; 1159 * {@link android.os.Build.VERSION_CODES#N), this API required a system permission 1160 * in order to check other profile's status. 1161 * Since Android Nougat MR1 (SDK version >= 25; 1162 * {@link android.os.Build.VERSION_CODES#N_MR1)), the restriction has been relaxed, and now 1163 * it'll accept any {@link UserHandle} within the same profile group as the caller. 1164 * 1165 * @param user The user to retrieve the running state for. 1166 */ 1167 // Note this requires either INTERACT_ACROSS_USERS or MANAGE_USERS. 1168 public boolean isUserRunningOrStopping(UserHandle user) { 1169 try { 1170 // TODO: reconcile stopped vs stopping? 1171 return ActivityManager.getService().isUserRunning( 1172 user.getIdentifier(), ActivityManager.FLAG_OR_STOPPED); 1173 } catch (RemoteException re) { 1174 throw re.rethrowFromSystemServer(); 1175 } 1176 } 1177 1178 /** 1179 * Return whether the calling user is running in an "unlocked" state. 1180 * <p> 1181 * On devices with direct boot, a user is unlocked only after they've 1182 * entered their credentials (such as a lock pattern or PIN). On devices 1183 * without direct boot, a user is unlocked as soon as it starts. 1184 * <p> 1185 * When a user is locked, only device-protected data storage is available. 1186 * When a user is unlocked, both device-protected and credential-protected 1187 * private app data storage is available. 1188 * 1189 * @see Intent#ACTION_USER_UNLOCKED 1190 * @see Context#createDeviceProtectedStorageContext() 1191 */ 1192 public boolean isUserUnlocked() { 1193 return isUserUnlocked(Process.myUserHandle()); 1194 } 1195 1196 /** 1197 * Return whether the given user is running in an "unlocked" state. 1198 * <p> 1199 * On devices with direct boot, a user is unlocked only after they've 1200 * entered their credentials (such as a lock pattern or PIN). On devices 1201 * without direct boot, a user is unlocked as soon as it starts. 1202 * <p> 1203 * When a user is locked, only device-protected data storage is available. 1204 * When a user is unlocked, both device-protected and credential-protected 1205 * private app data storage is available. 1206 * <p>Requires {@code android.permission.MANAGE_USERS} or 1207 * {@code android.permission.INTERACT_ACROSS_USERS}, otherwise specified {@link UserHandle user} 1208 * must be the calling user or a managed profile associated with it. 1209 * 1210 * @param user to retrieve the unlocked state for. 1211 * @see Intent#ACTION_USER_UNLOCKED 1212 * @see Context#createDeviceProtectedStorageContext() 1213 */ 1214 public boolean isUserUnlocked(UserHandle user) { 1215 return isUserUnlocked(user.getIdentifier()); 1216 } 1217 1218 /** {@hide} */ 1219 public boolean isUserUnlocked(@UserIdInt int userId) { 1220 try { 1221 return mService.isUserUnlocked(userId); 1222 } catch (RemoteException re) { 1223 throw re.rethrowFromSystemServer(); 1224 } 1225 } 1226 1227 /** {@hide} */ 1228 public boolean isUserUnlockingOrUnlocked(UserHandle user) { 1229 return isUserUnlockingOrUnlocked(user.getIdentifier()); 1230 } 1231 1232 /** {@hide} */ 1233 public boolean isUserUnlockingOrUnlocked(@UserIdInt int userId) { 1234 try { 1235 return mService.isUserUnlockingOrUnlocked(userId); 1236 } catch (RemoteException re) { 1237 throw re.rethrowFromSystemServer(); 1238 } 1239 } 1240 1241 /** 1242 * Returns the UserInfo object describing a specific user. 1243 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 1244 * @param userHandle the user handle of the user whose information is being requested. 1245 * @return the UserInfo object for a specific user. 1246 * @hide 1247 */ 1248 public UserInfo getUserInfo(@UserIdInt int userHandle) { 1249 try { 1250 return mService.getUserInfo(userHandle); 1251 } catch (RemoteException re) { 1252 throw re.rethrowFromSystemServer(); 1253 } 1254 } 1255 1256 /** 1257 * @hide 1258 * 1259 * Returns who set a user restriction on a user. 1260 * @param restrictionKey the string key representing the restriction 1261 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 1262 * @return The source of user restriction. Any combination of {@link #RESTRICTION_NOT_SET}, 1263 * {@link #RESTRICTION_SOURCE_SYSTEM}, {@link #RESTRICTION_SOURCE_DEVICE_OWNER} 1264 * and {@link #RESTRICTION_SOURCE_PROFILE_OWNER} 1265 * @deprecated use {@link #getUserRestrictionSources(String, int)} instead. 1266 */ 1267 @Deprecated 1268 @SystemApi 1269 @UserRestrictionSource 1270 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 1271 public int getUserRestrictionSource(String restrictionKey, UserHandle userHandle) { 1272 try { 1273 return mService.getUserRestrictionSource(restrictionKey, userHandle.getIdentifier()); 1274 } catch (RemoteException re) { 1275 throw re.rethrowFromSystemServer(); 1276 } 1277 } 1278 1279 /** 1280 * @hide 1281 * 1282 * Returns a list of users who set a user restriction on a given user. 1283 * @param restrictionKey the string key representing the restriction 1284 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 1285 * @return a list of user ids enforcing this restriction. 1286 */ 1287 @SystemApi 1288 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 1289 public List<EnforcingUser> getUserRestrictionSources( 1290 String restrictionKey, UserHandle userHandle) { 1291 try { 1292 return mService.getUserRestrictionSources(restrictionKey, userHandle.getIdentifier()); 1293 } catch (RemoteException re) { 1294 throw re.rethrowFromSystemServer(); 1295 } 1296 } 1297 1298 /** 1299 * Returns the user-wide restrictions imposed on this user. 1300 * @return a Bundle containing all the restrictions. 1301 */ 1302 public Bundle getUserRestrictions() { 1303 return getUserRestrictions(Process.myUserHandle()); 1304 } 1305 1306 /** 1307 * Returns the user-wide restrictions imposed on the user specified by <code>userHandle</code>. 1308 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 1309 * @return a Bundle containing all the restrictions. 1310 */ 1311 public Bundle getUserRestrictions(UserHandle userHandle) { 1312 try { 1313 return mService.getUserRestrictions(userHandle.getIdentifier()); 1314 } catch (RemoteException re) { 1315 throw re.rethrowFromSystemServer(); 1316 } 1317 } 1318 1319 /** 1320 * @hide 1321 * Returns whether the given user has been disallowed from performing certain actions 1322 * or setting certain settings through UserManager. This method disregards restrictions 1323 * set by device policy. 1324 * @param restrictionKey the string key representing the restriction 1325 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 1326 */ 1327 public boolean hasBaseUserRestriction(String restrictionKey, UserHandle userHandle) { 1328 try { 1329 return mService.hasBaseUserRestriction(restrictionKey, userHandle.getIdentifier()); 1330 } catch (RemoteException re) { 1331 throw re.rethrowFromSystemServer(); 1332 } 1333 } 1334 1335 /** 1336 * This will no longer work. Device owners and profile owners should use 1337 * {@link DevicePolicyManager#addUserRestriction(ComponentName, String)} instead. 1338 */ 1339 // System apps should use UserManager.setUserRestriction() instead. 1340 @Deprecated 1341 public void setUserRestrictions(Bundle restrictions) { 1342 throw new UnsupportedOperationException("This method is no longer supported"); 1343 } 1344 1345 /** 1346 * This will no longer work. Device owners and profile owners should use 1347 * {@link DevicePolicyManager#addUserRestriction(ComponentName, String)} instead. 1348 */ 1349 // System apps should use UserManager.setUserRestriction() instead. 1350 @Deprecated 1351 public void setUserRestrictions(Bundle restrictions, UserHandle userHandle) { 1352 throw new UnsupportedOperationException("This method is no longer supported"); 1353 } 1354 1355 /** 1356 * Sets the value of a specific restriction. 1357 * Requires the MANAGE_USERS permission. 1358 * @param key the key of the restriction 1359 * @param value the value for the restriction 1360 * @deprecated use {@link android.app.admin.DevicePolicyManager#addUserRestriction( 1361 * android.content.ComponentName, String)} or 1362 * {@link android.app.admin.DevicePolicyManager#clearUserRestriction( 1363 * android.content.ComponentName, String)} instead. 1364 */ 1365 @Deprecated 1366 public void setUserRestriction(String key, boolean value) { 1367 setUserRestriction(key, value, Process.myUserHandle()); 1368 } 1369 1370 /** 1371 * @hide 1372 * Sets the value of a specific restriction on a specific user. 1373 * Requires the MANAGE_USERS permission. 1374 * @param key the key of the restriction 1375 * @param value the value for the restriction 1376 * @param userHandle the user whose restriction is to be changed. 1377 * @deprecated use {@link android.app.admin.DevicePolicyManager#addUserRestriction( 1378 * android.content.ComponentName, String)} or 1379 * {@link android.app.admin.DevicePolicyManager#clearUserRestriction( 1380 * android.content.ComponentName, String)} instead. 1381 */ 1382 @Deprecated 1383 public void setUserRestriction(String key, boolean value, UserHandle userHandle) { 1384 try { 1385 mService.setUserRestriction(key, value, userHandle.getIdentifier()); 1386 } catch (RemoteException re) { 1387 throw re.rethrowFromSystemServer(); 1388 } 1389 } 1390 1391 /** 1392 * Returns whether the current user has been disallowed from performing certain actions 1393 * or setting certain settings. 1394 * 1395 * @param restrictionKey The string key representing the restriction. 1396 * @return {@code true} if the current user has the given restriction, {@code false} otherwise. 1397 */ 1398 public boolean hasUserRestriction(String restrictionKey) { 1399 return hasUserRestriction(restrictionKey, Process.myUserHandle()); 1400 } 1401 1402 /** 1403 * @hide 1404 * Returns whether the given user has been disallowed from performing certain actions 1405 * or setting certain settings. 1406 * @param restrictionKey the string key representing the restriction 1407 * @param userHandle the UserHandle of the user for whom to retrieve the restrictions. 1408 */ 1409 public boolean hasUserRestriction(String restrictionKey, UserHandle userHandle) { 1410 try { 1411 return mService.hasUserRestriction(restrictionKey, 1412 userHandle.getIdentifier()); 1413 } catch (RemoteException re) { 1414 throw re.rethrowFromSystemServer(); 1415 } 1416 } 1417 1418 /** 1419 * Return the serial number for a user. This is a device-unique 1420 * number assigned to that user; if the user is deleted and then a new 1421 * user created, the new users will not be given the same serial number. 1422 * @param user The user whose serial number is to be retrieved. 1423 * @return The serial number of the given user; returns -1 if the 1424 * given UserHandle does not exist. 1425 * @see #getUserForSerialNumber(long) 1426 */ 1427 public long getSerialNumberForUser(UserHandle user) { 1428 return getUserSerialNumber(user.getIdentifier()); 1429 } 1430 1431 /** 1432 * Return the user associated with a serial number previously 1433 * returned by {@link #getSerialNumberForUser(UserHandle)}. 1434 * @param serialNumber The serial number of the user that is being 1435 * retrieved. 1436 * @return Return the user associated with the serial number, or null 1437 * if there is not one. 1438 * @see #getSerialNumberForUser(UserHandle) 1439 */ 1440 public UserHandle getUserForSerialNumber(long serialNumber) { 1441 int ident = getUserHandle((int) serialNumber); 1442 return ident >= 0 ? new UserHandle(ident) : null; 1443 } 1444 1445 /** 1446 * Creates a user with the specified name and options. For non-admin users, default user 1447 * restrictions are going to be applied. 1448 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 1449 * 1450 * @param name the user's name 1451 * @param flags flags that identify the type of user and other properties. 1452 * @see UserInfo 1453 * 1454 * @return the UserInfo object for the created user, or null if the user could not be created. 1455 * @hide 1456 */ 1457 public UserInfo createUser(String name, int flags) { 1458 UserInfo user = null; 1459 try { 1460 user = mService.createUser(name, flags); 1461 // TODO: Keep this in sync with 1462 // UserManagerService.LocalService.createUserEvenWhenDisallowed 1463 if (user != null && !user.isAdmin() && !user.isDemo()) { 1464 mService.setUserRestriction(DISALLOW_SMS, true, user.id); 1465 mService.setUserRestriction(DISALLOW_OUTGOING_CALLS, true, user.id); 1466 } 1467 } catch (RemoteException re) { 1468 throw re.rethrowFromSystemServer(); 1469 } 1470 return user; 1471 } 1472 1473 /** 1474 * Creates a guest user and configures it. 1475 * @param context an application context 1476 * @param name the name to set for the user 1477 * @hide 1478 */ 1479 public UserInfo createGuest(Context context, String name) { 1480 UserInfo guest = null; 1481 try { 1482 guest = mService.createUser(name, UserInfo.FLAG_GUEST); 1483 if (guest != null) { 1484 Settings.Secure.putStringForUser(context.getContentResolver(), 1485 Settings.Secure.SKIP_FIRST_USE_HINTS, "1", guest.id); 1486 } 1487 } catch (RemoteException re) { 1488 throw re.rethrowFromSystemServer(); 1489 } 1490 return guest; 1491 } 1492 1493 /** 1494 * Creates a user with the specified name and options as a profile of another user. 1495 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 1496 * 1497 * @param name the user's name 1498 * @param flags flags that identify the type of user and other properties. 1499 * @param userHandle new user will be a profile of this user. 1500 * 1501 * @return the {@link UserInfo} object for the created user, or null if the user 1502 * could not be created. 1503 * @hide 1504 */ 1505 public UserInfo createProfileForUser(String name, int flags, @UserIdInt int userHandle) { 1506 return createProfileForUser(name, flags, userHandle, null); 1507 } 1508 1509 /** 1510 * Version of {@link #createProfileForUser(String, int, int)} that allows you to specify 1511 * any packages that should not be installed in the new profile by default, these packages can 1512 * still be installed later by the user if needed. 1513 * 1514 * @param name the user's name 1515 * @param flags flags that identify the type of user and other properties. 1516 * @param userHandle new user will be a profile of this user. 1517 * @param disallowedPackages packages that will not be installed in the profile being created. 1518 * 1519 * @return the {@link UserInfo} object for the created user, or null if the user 1520 * could not be created. 1521 * @hide 1522 */ 1523 public UserInfo createProfileForUser(String name, int flags, @UserIdInt int userHandle, 1524 String[] disallowedPackages) { 1525 try { 1526 return mService.createProfileForUser(name, flags, userHandle, disallowedPackages); 1527 } catch (RemoteException re) { 1528 throw re.rethrowFromSystemServer(); 1529 } 1530 } 1531 1532 /** 1533 * Similar to {@link #createProfileForUser(String, int, int, String[])} 1534 * except bypassing the checking of {@link UserManager#DISALLOW_ADD_MANAGED_PROFILE}. 1535 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 1536 * 1537 * @see #createProfileForUser(String, int, int, String[]) 1538 * @hide 1539 */ 1540 public UserInfo createProfileForUserEvenWhenDisallowed(String name, int flags, 1541 @UserIdInt int userHandle, String[] disallowedPackages) { 1542 try { 1543 return mService.createProfileForUserEvenWhenDisallowed(name, flags, userHandle, 1544 disallowedPackages); 1545 } catch (RemoteException re) { 1546 throw re.rethrowFromSystemServer(); 1547 } 1548 } 1549 1550 /** 1551 * Creates a restricted profile with the specified name. This method also sets necessary 1552 * restrictions and adds shared accounts. 1553 * 1554 * @param name profile's name 1555 * @return UserInfo object for the created user, or null if the user could not be created. 1556 * @hide 1557 */ 1558 public UserInfo createRestrictedProfile(String name) { 1559 try { 1560 UserHandle parentUserHandle = Process.myUserHandle(); 1561 UserInfo user = mService.createRestrictedProfile(name, 1562 parentUserHandle.getIdentifier()); 1563 if (user != null) { 1564 AccountManager.get(mContext).addSharedAccountsFromParentUser(parentUserHandle, 1565 UserHandle.of(user.id)); 1566 } 1567 return user; 1568 } catch (RemoteException re) { 1569 throw re.rethrowFromSystemServer(); 1570 } 1571 } 1572 1573 /** 1574 * Returns an intent to create a user for the provided name and account name. The name 1575 * and account name will be used when the setup process for the new user is started. 1576 * <p> 1577 * The intent should be launched using startActivityForResult and the return result will 1578 * indicate if the user consented to adding a new user and if the operation succeeded. Any 1579 * errors in creating the user will be returned in the result code. If the user cancels the 1580 * request, the return result will be {@link Activity#RESULT_CANCELED}. On success, the 1581 * result code will be {@link Activity#RESULT_OK}. 1582 * <p> 1583 * Use {@link #supportsMultipleUsers()} to first check if the device supports this operation 1584 * at all. 1585 * <p> 1586 * The new user is created but not initialized. After switching into the user for the first 1587 * time, the preferred user name and account information are used by the setup process for that 1588 * user. 1589 * 1590 * @param userName Optional name to assign to the user. 1591 * @param accountName Optional account name that will be used by the setup wizard to initialize 1592 * the user. 1593 * @param accountType Optional account type for the account to be created. This is required 1594 * if the account name is specified. 1595 * @param accountOptions Optional bundle of data to be passed in during account creation in the 1596 * new user via {@link AccountManager#addAccount(String, String, String[], 1597 * Bundle, android.app.Activity, android.accounts.AccountManagerCallback, 1598 * Handler)}. 1599 * @return An Intent that can be launched from an Activity. 1600 * @see #USER_CREATION_FAILED_NOT_PERMITTED 1601 * @see #USER_CREATION_FAILED_NO_MORE_USERS 1602 * @see #supportsMultipleUsers 1603 */ 1604 public static Intent createUserCreationIntent(@Nullable String userName, 1605 @Nullable String accountName, 1606 @Nullable String accountType, @Nullable PersistableBundle accountOptions) { 1607 Intent intent = new Intent(ACTION_CREATE_USER); 1608 if (userName != null) { 1609 intent.putExtra(EXTRA_USER_NAME, userName); 1610 } 1611 if (accountName != null && accountType == null) { 1612 throw new IllegalArgumentException("accountType must be specified if accountName is " 1613 + "specified"); 1614 } 1615 if (accountName != null) { 1616 intent.putExtra(EXTRA_USER_ACCOUNT_NAME, accountName); 1617 } 1618 if (accountType != null) { 1619 intent.putExtra(EXTRA_USER_ACCOUNT_TYPE, accountType); 1620 } 1621 if (accountOptions != null) { 1622 intent.putExtra(EXTRA_USER_ACCOUNT_OPTIONS, accountOptions); 1623 } 1624 return intent; 1625 } 1626 1627 /** 1628 * @hide 1629 * 1630 * Returns the preferred account name for user creation. 1631 */ 1632 @SystemApi 1633 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 1634 public String getSeedAccountName() { 1635 try { 1636 return mService.getSeedAccountName(); 1637 } catch (RemoteException re) { 1638 throw re.rethrowFromSystemServer(); 1639 } 1640 } 1641 1642 /** 1643 * @hide 1644 * 1645 * Returns the preferred account type for user creation. 1646 */ 1647 @SystemApi 1648 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 1649 public String getSeedAccountType() { 1650 try { 1651 return mService.getSeedAccountType(); 1652 } catch (RemoteException re) { 1653 throw re.rethrowFromSystemServer(); 1654 } 1655 } 1656 1657 /** 1658 * @hide 1659 * 1660 * Returns the preferred account's options bundle for user creation. 1661 * @return Any options set by the requestor that created the user. 1662 */ 1663 @SystemApi 1664 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 1665 public PersistableBundle getSeedAccountOptions() { 1666 try { 1667 return mService.getSeedAccountOptions(); 1668 } catch (RemoteException re) { 1669 throw re.rethrowFromSystemServer(); 1670 } 1671 } 1672 1673 /** 1674 * @hide 1675 * 1676 * Called by a system activity to set the seed account information of a user created 1677 * through the user creation intent. 1678 * @param userId 1679 * @param accountName 1680 * @param accountType 1681 * @param accountOptions 1682 * @see #createUserCreationIntent(String, String, String, PersistableBundle) 1683 */ 1684 public void setSeedAccountData(int userId, String accountName, String accountType, 1685 PersistableBundle accountOptions) { 1686 try { 1687 mService.setSeedAccountData(userId, accountName, accountType, accountOptions, 1688 /* persist= */ true); 1689 } catch (RemoteException re) { 1690 throw re.rethrowFromSystemServer(); 1691 } 1692 } 1693 1694 /** 1695 * @hide 1696 * Clears the seed information used to create this user. 1697 */ 1698 @SystemApi 1699 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 1700 public void clearSeedAccountData() { 1701 try { 1702 mService.clearSeedAccountData(); 1703 } catch (RemoteException re) { 1704 throw re.rethrowFromSystemServer(); 1705 } 1706 } 1707 1708 /** 1709 * @hide 1710 * Marks the guest user for deletion to allow a new guest to be created before deleting 1711 * the current user who is a guest. 1712 * @param userHandle 1713 * @return 1714 */ 1715 public boolean markGuestForDeletion(@UserIdInt int userHandle) { 1716 try { 1717 return mService.markGuestForDeletion(userHandle); 1718 } catch (RemoteException re) { 1719 throw re.rethrowFromSystemServer(); 1720 } 1721 } 1722 1723 /** 1724 * Sets the user as enabled, if such an user exists. 1725 * 1726 * <p>Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 1727 * 1728 * <p>Note that the default is true, it's only that managed profiles might not be enabled. 1729 * Also ephemeral users can be disabled to indicate that their removal is in progress and they 1730 * shouldn't be re-entered. Therefore ephemeral users should not be re-enabled once disabled. 1731 * 1732 * @param userHandle the id of the profile to enable 1733 * @hide 1734 */ 1735 public void setUserEnabled(@UserIdInt int userHandle) { 1736 try { 1737 mService.setUserEnabled(userHandle); 1738 } catch (RemoteException re) { 1739 throw re.rethrowFromSystemServer(); 1740 } 1741 } 1742 1743 /** 1744 * Evicts the user's credential encryption key from memory by stopping and restarting the user. 1745 * 1746 * @hide 1747 */ 1748 public void evictCredentialEncryptionKey(@UserIdInt int userHandle) { 1749 try { 1750 mService.evictCredentialEncryptionKey(userHandle); 1751 } catch (RemoteException re) { 1752 throw re.rethrowFromSystemServer(); 1753 } 1754 } 1755 1756 /** 1757 * Return the number of users currently created on the device. 1758 */ 1759 public int getUserCount() { 1760 List<UserInfo> users = getUsers(); 1761 return users != null ? users.size() : 1; 1762 } 1763 1764 /** 1765 * Returns information for all users on this device, including ones marked for deletion. 1766 * To retrieve only users that are alive, use {@link #getUsers(boolean)}. 1767 * <p> 1768 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 1769 * @return the list of users that exist on the device. 1770 * @hide 1771 */ 1772 public List<UserInfo> getUsers() { 1773 try { 1774 return mService.getUsers(false); 1775 } catch (RemoteException re) { 1776 throw re.rethrowFromSystemServer(); 1777 } 1778 } 1779 1780 /** 1781 * Returns serial numbers of all users on this device. 1782 * 1783 * @param excludeDying specify if the list should exclude users being removed. 1784 * @return the list of serial numbers of users that exist on the device. 1785 * @hide 1786 */ 1787 @SystemApi 1788 @RequiresPermission(android.Manifest.permission.MANAGE_USERS) 1789 public long[] getSerialNumbersOfUsers(boolean excludeDying) { 1790 try { 1791 List<UserInfo> users = mService.getUsers(excludeDying); 1792 long[] result = new long[users.size()]; 1793 for (int i = 0; i < result.length; i++) { 1794 result[i] = users.get(i).serialNumber; 1795 } 1796 return result; 1797 } catch (RemoteException re) { 1798 throw re.rethrowFromSystemServer(); 1799 } 1800 } 1801 1802 /** 1803 * @return the user's account name, null if not found. 1804 * @hide 1805 */ 1806 @RequiresPermission( allOf = { 1807 Manifest.permission.INTERACT_ACROSS_USERS_FULL, 1808 Manifest.permission.MANAGE_USERS 1809 }) 1810 public @Nullable String getUserAccount(@UserIdInt int userHandle) { 1811 try { 1812 return mService.getUserAccount(userHandle); 1813 } catch (RemoteException re) { 1814 throw re.rethrowFromSystemServer(); 1815 } 1816 } 1817 1818 /** 1819 * Set account name for the given user. 1820 * @hide 1821 */ 1822 @RequiresPermission( allOf = { 1823 Manifest.permission.INTERACT_ACROSS_USERS_FULL, 1824 Manifest.permission.MANAGE_USERS 1825 }) 1826 public void setUserAccount(@UserIdInt int userHandle, @Nullable String accountName) { 1827 try { 1828 mService.setUserAccount(userHandle, accountName); 1829 } catch (RemoteException re) { 1830 throw re.rethrowFromSystemServer(); 1831 } 1832 } 1833 1834 /** 1835 * Returns information for Primary user. 1836 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 1837 * 1838 * @return the Primary user, null if not found. 1839 * @hide 1840 */ 1841 public @Nullable UserInfo getPrimaryUser() { 1842 try { 1843 return mService.getPrimaryUser(); 1844 } catch (RemoteException re) { 1845 throw re.rethrowFromSystemServer(); 1846 } 1847 } 1848 1849 /** 1850 * Checks whether it's possible to add more users. Caller must hold the MANAGE_USERS 1851 * permission. 1852 * 1853 * @return true if more users can be added, false if limit has been reached. 1854 * @hide 1855 */ 1856 public boolean canAddMoreUsers() { 1857 final List<UserInfo> users = getUsers(true); 1858 final int totalUserCount = users.size(); 1859 int aliveUserCount = 0; 1860 for (int i = 0; i < totalUserCount; i++) { 1861 UserInfo user = users.get(i); 1862 if (!user.isGuest()) { 1863 aliveUserCount++; 1864 } 1865 } 1866 return aliveUserCount < getMaxSupportedUsers(); 1867 } 1868 1869 /** 1870 * Checks whether it's possible to add more managed profiles. Caller must hold the MANAGE_USERS 1871 * permission. 1872 * if allowedToRemoveOne is true and if the user already has a managed profile, then return if 1873 * we could add a new managed profile to this user after removing the existing one. 1874 * 1875 * @return true if more managed profiles can be added, false if limit has been reached. 1876 * @hide 1877 */ 1878 public boolean canAddMoreManagedProfiles(@UserIdInt int userId, boolean allowedToRemoveOne) { 1879 try { 1880 return mService.canAddMoreManagedProfiles(userId, allowedToRemoveOne); 1881 } catch (RemoteException re) { 1882 throw re.rethrowFromSystemServer(); 1883 } 1884 } 1885 1886 /** 1887 * Returns list of the profiles of userHandle including 1888 * userHandle itself. 1889 * Note that this returns both enabled and not enabled profiles. See 1890 * {@link #getEnabledProfiles(int)} if you need only the enabled ones. 1891 * 1892 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 1893 * @param userHandle profiles of this user will be returned. 1894 * @return the list of profiles. 1895 * @hide 1896 */ 1897 public List<UserInfo> getProfiles(@UserIdInt int userHandle) { 1898 try { 1899 return mService.getProfiles(userHandle, false /* enabledOnly */); 1900 } catch (RemoteException re) { 1901 throw re.rethrowFromSystemServer(); 1902 } 1903 } 1904 1905 /** 1906 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 1907 * @param userId one of the two user ids to check. 1908 * @param otherUserId one of the two user ids to check. 1909 * @return true if the two user ids are in the same profile group. 1910 * @hide 1911 */ 1912 public boolean isSameProfileGroup(@UserIdInt int userId, int otherUserId) { 1913 try { 1914 return mService.isSameProfileGroup(userId, otherUserId); 1915 } catch (RemoteException re) { 1916 throw re.rethrowFromSystemServer(); 1917 } 1918 } 1919 1920 /** 1921 * Returns list of the profiles of userHandle including 1922 * userHandle itself. 1923 * Note that this returns only enabled. 1924 * 1925 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 1926 * @param userHandle profiles of this user will be returned. 1927 * @return the list of profiles. 1928 * @hide 1929 */ 1930 public List<UserInfo> getEnabledProfiles(@UserIdInt int userHandle) { 1931 try { 1932 return mService.getProfiles(userHandle, true /* enabledOnly */); 1933 } catch (RemoteException re) { 1934 throw re.rethrowFromSystemServer(); 1935 } 1936 } 1937 1938 /** 1939 * Returns a list of UserHandles for profiles associated with the user that the calling process 1940 * is running on, including the user itself. 1941 * 1942 * @return A non-empty list of UserHandles associated with the calling user. 1943 */ 1944 public List<UserHandle> getUserProfiles() { 1945 int[] userIds = getProfileIds(UserHandle.myUserId(), true /* enabledOnly */); 1946 List<UserHandle> result = new ArrayList<>(userIds.length); 1947 for (int userId : userIds) { 1948 result.add(UserHandle.of(userId)); 1949 } 1950 return result; 1951 } 1952 1953 /** 1954 * Returns a list of ids for profiles associated with the specified user including the user 1955 * itself. 1956 * 1957 * @param userId id of the user to return profiles for 1958 * @param enabledOnly whether return only {@link UserInfo#isEnabled() enabled} profiles 1959 * @return A non-empty list of ids of profiles associated with the specified user. 1960 * 1961 * @hide 1962 */ 1963 public int[] getProfileIds(@UserIdInt int userId, boolean enabledOnly) { 1964 try { 1965 return mService.getProfileIds(userId, enabledOnly); 1966 } catch (RemoteException re) { 1967 throw re.rethrowFromSystemServer(); 1968 } 1969 } 1970 1971 /** 1972 * @see #getProfileIds(int, boolean) 1973 * @hide 1974 */ 1975 public int[] getProfileIdsWithDisabled(@UserIdInt int userId) { 1976 return getProfileIds(userId, false /* enabledOnly */); 1977 } 1978 1979 /** 1980 * @see #getProfileIds(int, boolean) 1981 * @hide 1982 */ 1983 public int[] getEnabledProfileIds(@UserIdInt int userId) { 1984 return getProfileIds(userId, true /* enabledOnly */); 1985 } 1986 1987 /** 1988 * Returns the device credential owner id of the profile from 1989 * which this method is called, or userHandle if called from a user that 1990 * is not a profile. 1991 * 1992 * @hide 1993 */ 1994 public int getCredentialOwnerProfile(@UserIdInt int userHandle) { 1995 try { 1996 return mService.getCredentialOwnerProfile(userHandle); 1997 } catch (RemoteException re) { 1998 throw re.rethrowFromSystemServer(); 1999 } 2000 } 2001 2002 /** 2003 * Returns the parent of the profile which this method is called from 2004 * or null if called from a user that is not a profile. 2005 * 2006 * @hide 2007 */ 2008 public UserInfo getProfileParent(@UserIdInt int userHandle) { 2009 try { 2010 return mService.getProfileParent(userHandle); 2011 } catch (RemoteException re) { 2012 throw re.rethrowFromSystemServer(); 2013 } 2014 } 2015 2016 /** 2017 * Set quiet mode of a managed profile. 2018 * 2019 * @param userHandle The user handle of the profile. 2020 * @param enableQuietMode Whether quiet mode should be enabled or disabled. 2021 * @hide 2022 */ 2023 public void setQuietModeEnabled(@UserIdInt int userHandle, boolean enableQuietMode) { 2024 try { 2025 mService.setQuietModeEnabled(userHandle, enableQuietMode); 2026 } catch (RemoteException re) { 2027 throw re.rethrowFromSystemServer(); 2028 } 2029 } 2030 2031 /** 2032 * Returns whether the given profile is in quiet mode or not. 2033 * Notes: Quiet mode is only supported for managed profiles. 2034 * 2035 * @param userHandle The user handle of the profile to be queried. 2036 * @return true if the profile is in quiet mode, false otherwise. 2037 */ 2038 public boolean isQuietModeEnabled(UserHandle userHandle) { 2039 try { 2040 return mService.isQuietModeEnabled(userHandle.getIdentifier()); 2041 } catch (RemoteException re) { 2042 throw re.rethrowFromSystemServer(); 2043 } 2044 } 2045 2046 /** 2047 * Tries disabling quiet mode for a given user. If the user is still locked, we unlock the user 2048 * first by showing the confirm credentials screen and disable quiet mode upon successful 2049 * unlocking. If the user is already unlocked, we call through to {@link #setQuietModeEnabled} 2050 * directly. 2051 * 2052 * @return true if the quiet mode was disabled immediately 2053 * @hide 2054 */ 2055 public boolean trySetQuietModeDisabled(@UserIdInt int userHandle, IntentSender target) { 2056 try { 2057 return mService.trySetQuietModeDisabled(userHandle, target); 2058 } catch (RemoteException re) { 2059 throw re.rethrowFromSystemServer(); 2060 } 2061 } 2062 2063 /** 2064 * If the target user is a managed profile of the calling user or the caller 2065 * is itself a managed profile, then this returns a badged copy of the given 2066 * icon to be able to distinguish it from the original icon. For badging an 2067 * arbitrary drawable use {@link #getBadgedDrawableForUser( 2068 * android.graphics.drawable.Drawable, UserHandle, android.graphics.Rect, int)}. 2069 * <p> 2070 * If the original drawable is a BitmapDrawable and the backing bitmap is 2071 * mutable as per {@link android.graphics.Bitmap#isMutable()}, the badging 2072 * is performed in place and the original drawable is returned. 2073 * </p> 2074 * 2075 * @param icon The icon to badge. 2076 * @param user The target user. 2077 * @return A drawable that combines the original icon and a badge as 2078 * determined by the system. 2079 * @removed 2080 */ 2081 public Drawable getBadgedIconForUser(Drawable icon, UserHandle user) { 2082 return mContext.getPackageManager().getUserBadgedIcon(icon, user); 2083 } 2084 2085 /** 2086 * If the target user is a managed profile of the calling user or the caller 2087 * is itself a managed profile, then this returns a badged copy of the given 2088 * drawable allowing the user to distinguish it from the original drawable. 2089 * The caller can specify the location in the bounds of the drawable to be 2090 * badged where the badge should be applied as well as the density of the 2091 * badge to be used. 2092 * <p> 2093 * If the original drawable is a BitmapDrawable and the backing bitmap is 2094 * mutable as per {@link android.graphics.Bitmap#isMutable()}, the badging 2095 * is performed in place and the original drawable is returned. 2096 * </p> 2097 * 2098 * @param badgedDrawable The drawable to badge. 2099 * @param user The target user. 2100 * @param badgeLocation Where in the bounds of the badged drawable to place 2101 * the badge. If it's {@code null}, the badge is applied on top of the entire 2102 * drawable being badged. 2103 * @param badgeDensity The optional desired density for the badge as per 2104 * {@link android.util.DisplayMetrics#densityDpi}. If it's not positive, 2105 * the density of the display is used. 2106 * @return A drawable that combines the original drawable and a badge as 2107 * determined by the system. 2108 * @removed 2109 */ 2110 public Drawable getBadgedDrawableForUser(Drawable badgedDrawable, UserHandle user, 2111 Rect badgeLocation, int badgeDensity) { 2112 return mContext.getPackageManager().getUserBadgedDrawableForDensity(badgedDrawable, user, 2113 badgeLocation, badgeDensity); 2114 } 2115 2116 /** 2117 * If the target user is a managed profile of the calling user or the caller 2118 * is itself a managed profile, then this returns a copy of the label with 2119 * badging for accessibility services like talkback. E.g. passing in "Email" 2120 * and it might return "Work Email" for Email in the work profile. 2121 * 2122 * @param label The label to change. 2123 * @param user The target user. 2124 * @return A label that combines the original label and a badge as 2125 * determined by the system. 2126 * @removed 2127 */ 2128 public CharSequence getBadgedLabelForUser(CharSequence label, UserHandle user) { 2129 return mContext.getPackageManager().getUserBadgedLabel(label, user); 2130 } 2131 2132 /** 2133 * Returns information for all users on this device. Requires 2134 * {@link android.Manifest.permission#MANAGE_USERS} permission. 2135 * 2136 * @param excludeDying specify if the list should exclude users being 2137 * removed. 2138 * @return the list of users that were created. 2139 * @hide 2140 */ 2141 public @NonNull List<UserInfo> getUsers(boolean excludeDying) { 2142 try { 2143 return mService.getUsers(excludeDying); 2144 } catch (RemoteException re) { 2145 throw re.rethrowFromSystemServer(); 2146 } 2147 } 2148 2149 /** 2150 * Removes a user and all associated data. 2151 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 2152 * @param userHandle the integer handle of the user, where 0 is the primary user. 2153 * @hide 2154 */ 2155 public boolean removeUser(@UserIdInt int userHandle) { 2156 try { 2157 return mService.removeUser(userHandle); 2158 } catch (RemoteException re) { 2159 throw re.rethrowFromSystemServer(); 2160 } 2161 } 2162 2163 /** 2164 * Similar to {@link #removeUser(int)} except bypassing the checking of 2165 * {@link UserManager#DISALLOW_REMOVE_USER} 2166 * or {@link UserManager#DISALLOW_REMOVE_MANAGED_PROFILE}. 2167 * 2168 * @see {@link #removeUser(int)} 2169 * @hide 2170 */ 2171 public boolean removeUserEvenWhenDisallowed(@UserIdInt int userHandle) { 2172 try { 2173 return mService.removeUserEvenWhenDisallowed(userHandle); 2174 } catch (RemoteException re) { 2175 throw re.rethrowFromSystemServer(); 2176 } 2177 } 2178 2179 /** 2180 * Updates the user's name. 2181 * Requires {@link android.Manifest.permission#MANAGE_USERS} permission. 2182 * 2183 * @param userHandle the user's integer handle 2184 * @param name the new name for the user 2185 * @hide 2186 */ 2187 public void setUserName(@UserIdInt int userHandle, String name) { 2188 try { 2189 mService.setUserName(userHandle, name); 2190 } catch (RemoteException re) { 2191 throw re.rethrowFromSystemServer(); 2192 } 2193 } 2194 2195 /** 2196 * Sets the user's photo. 2197 * @param userHandle the user for whom to change the photo. 2198 * @param icon the bitmap to set as the photo. 2199 * @hide 2200 */ 2201 public void setUserIcon(@UserIdInt int userHandle, Bitmap icon) { 2202 try { 2203 mService.setUserIcon(userHandle, icon); 2204 } catch (RemoteException re) { 2205 throw re.rethrowFromSystemServer(); 2206 } 2207 } 2208 2209 /** 2210 * Returns a file descriptor for the user's photo. PNG data can be read from this file. 2211 * @param userHandle the user whose photo we want to read. 2212 * @return a {@link Bitmap} of the user's photo, or null if there's no photo. 2213 * @see com.android.internal.util.UserIcons#getDefaultUserIcon for a default. 2214 * @hide 2215 */ 2216 public Bitmap getUserIcon(@UserIdInt int userHandle) { 2217 try { 2218 ParcelFileDescriptor fd = mService.getUserIcon(userHandle); 2219 if (fd != null) { 2220 try { 2221 return BitmapFactory.decodeFileDescriptor(fd.getFileDescriptor()); 2222 } finally { 2223 try { 2224 fd.close(); 2225 } catch (IOException e) { 2226 } 2227 } 2228 } 2229 } catch (RemoteException re) { 2230 throw re.rethrowFromSystemServer(); 2231 } 2232 return null; 2233 } 2234 2235 /** 2236 * Returns the maximum number of users that can be created on this device. A return value 2237 * of 1 means that it is a single user device. 2238 * @hide 2239 * @return a value greater than or equal to 1 2240 */ 2241 public static int getMaxSupportedUsers() { 2242 // Don't allow multiple users on certain builds 2243 if (android.os.Build.ID.startsWith("JVP")) return 1; 2244 // Svelte devices don't get multi-user. 2245 if (ActivityManager.isLowRamDeviceStatic()) return 1; 2246 return SystemProperties.getInt("fw.max_users", 2247 Resources.getSystem().getInteger(R.integer.config_multiuserMaximumUsers)); 2248 } 2249 2250 /** 2251 * Returns true if the user switcher should be shown, this will be if device supports multi-user 2252 * and there are at least 2 users available that are not managed profiles. 2253 * @hide 2254 * @return true if user switcher should be shown. 2255 */ 2256 public boolean isUserSwitcherEnabled() { 2257 if (!supportsMultipleUsers()) { 2258 return false; 2259 } 2260 // If Demo Mode is on, don't show user switcher 2261 if (isDeviceInDemoMode(mContext)) { 2262 return false; 2263 } 2264 List<UserInfo> users = getUsers(true); 2265 if (users == null) { 2266 return false; 2267 } 2268 int switchableUserCount = 0; 2269 for (UserInfo user : users) { 2270 if (user.supportsSwitchToByUser()) { 2271 ++switchableUserCount; 2272 } 2273 } 2274 final boolean guestEnabled = !mContext.getSystemService(DevicePolicyManager.class) 2275 .getGuestUserDisabled(null); 2276 return switchableUserCount > 1 || guestEnabled; 2277 } 2278 2279 /** 2280 * @hide 2281 */ 2282 public static boolean isDeviceInDemoMode(Context context) { 2283 return Settings.Global.getInt(context.getContentResolver(), 2284 Settings.Global.DEVICE_DEMO_MODE, 0) > 0; 2285 } 2286 2287 /** 2288 * Returns a serial number on this device for a given userHandle. User handles can be recycled 2289 * when deleting and creating users, but serial numbers are not reused until the device is wiped. 2290 * @param userHandle 2291 * @return a serial number associated with that user, or -1 if the userHandle is not valid. 2292 * @hide 2293 */ 2294 public int getUserSerialNumber(@UserIdInt int userHandle) { 2295 try { 2296 return mService.getUserSerialNumber(userHandle); 2297 } catch (RemoteException re) { 2298 throw re.rethrowFromSystemServer(); 2299 } 2300 } 2301 2302 /** 2303 * Returns a userHandle on this device for a given user serial number. User handles can be 2304 * recycled when deleting and creating users, but serial numbers are not reused until the device 2305 * is wiped. 2306 * @param userSerialNumber 2307 * @return the userHandle associated with that user serial number, or -1 if the serial number 2308 * is not valid. 2309 * @hide 2310 */ 2311 public @UserIdInt int getUserHandle(int userSerialNumber) { 2312 try { 2313 return mService.getUserHandle(userSerialNumber); 2314 } catch (RemoteException re) { 2315 throw re.rethrowFromSystemServer(); 2316 } 2317 } 2318 2319 /** 2320 * Returns a {@link Bundle} containing any saved application restrictions for this user, for the 2321 * given package name. Only an application with this package name can call this method. 2322 * 2323 * <p>The returned {@link Bundle} consists of key-value pairs, as defined by the application, 2324 * where the types of values may be: 2325 * <ul> 2326 * <li>{@code boolean} 2327 * <li>{@code int} 2328 * <li>{@code String} or {@code String[]} 2329 * <li>From {@link android.os.Build.VERSION_CODES#M}, {@code Bundle} or {@code Bundle[]} 2330 * </ul> 2331 * 2332 * <p>NOTE: The method performs disk I/O and shouldn't be called on the main thread 2333 * 2334 * @param packageName the package name of the calling application 2335 * @return a {@link Bundle} with the restrictions for that package, or an empty {@link Bundle} 2336 * if there are no saved restrictions. 2337 * 2338 * @see #KEY_RESTRICTIONS_PENDING 2339 */ 2340 @WorkerThread 2341 public Bundle getApplicationRestrictions(String packageName) { 2342 try { 2343 return mService.getApplicationRestrictions(packageName); 2344 } catch (RemoteException re) { 2345 throw re.rethrowFromSystemServer(); 2346 } 2347 } 2348 2349 /** 2350 * @hide 2351 */ 2352 @WorkerThread 2353 public Bundle getApplicationRestrictions(String packageName, UserHandle user) { 2354 try { 2355 return mService.getApplicationRestrictionsForUser(packageName, user.getIdentifier()); 2356 } catch (RemoteException re) { 2357 throw re.rethrowFromSystemServer(); 2358 } 2359 } 2360 2361 /** 2362 * @hide 2363 */ 2364 @WorkerThread 2365 public void setApplicationRestrictions(String packageName, Bundle restrictions, 2366 UserHandle user) { 2367 try { 2368 mService.setApplicationRestrictions(packageName, restrictions, user.getIdentifier()); 2369 } catch (RemoteException re) { 2370 throw re.rethrowFromSystemServer(); 2371 } 2372 } 2373 2374 /** 2375 * Sets a new challenge PIN for restrictions. This is only for use by pre-installed 2376 * apps and requires the MANAGE_USERS permission. 2377 * @param newPin the PIN to use for challenge dialogs. 2378 * @return Returns true if the challenge PIN was set successfully. 2379 * @deprecated The restrictions PIN functionality is no longer provided by the system. 2380 * This method is preserved for backwards compatibility reasons and always returns false. 2381 */ 2382 @Deprecated 2383 public boolean setRestrictionsChallenge(String newPin) { 2384 return false; 2385 } 2386 2387 /** 2388 * @hide 2389 * Set restrictions that should apply to any future guest user that's created. 2390 */ 2391 public void setDefaultGuestRestrictions(Bundle restrictions) { 2392 try { 2393 mService.setDefaultGuestRestrictions(restrictions); 2394 } catch (RemoteException re) { 2395 throw re.rethrowFromSystemServer(); 2396 } 2397 } 2398 2399 /** 2400 * @hide 2401 * Gets the default guest restrictions. 2402 */ 2403 public Bundle getDefaultGuestRestrictions() { 2404 try { 2405 return mService.getDefaultGuestRestrictions(); 2406 } catch (RemoteException re) { 2407 throw re.rethrowFromSystemServer(); 2408 } 2409 } 2410 2411 /** 2412 * Returns creation time of the user or of a managed profile associated with the calling user. 2413 * @param userHandle user handle of the user or a managed profile associated with the 2414 * calling user. 2415 * @return creation time in milliseconds since Epoch time. 2416 */ 2417 public long getUserCreationTime(UserHandle userHandle) { 2418 try { 2419 return mService.getUserCreationTime(userHandle.getIdentifier()); 2420 } catch (RemoteException re) { 2421 throw re.rethrowFromSystemServer(); 2422 } 2423 } 2424 2425 /** 2426 * @hide 2427 * Checks if any uninitialized user has the specific seed account name and type. 2428 * 2429 * @param accountName The account name to check for 2430 * @param accountType The account type of the account to check for 2431 * @return whether the seed account was found 2432 */ 2433 public boolean someUserHasSeedAccount(String accountName, String accountType) { 2434 try { 2435 return mService.someUserHasSeedAccount(accountName, accountType); 2436 } catch (RemoteException re) { 2437 throw re.rethrowFromSystemServer(); 2438 } 2439 } 2440 2441 /** 2442 * @hide 2443 * User that enforces a restriction. 2444 * 2445 * @see #getUserRestrictionSources(String, UserHandle) 2446 */ 2447 @SystemApi 2448 public static final class EnforcingUser implements Parcelable { 2449 private final @UserIdInt int userId; 2450 private final @UserRestrictionSource int userRestrictionSource; 2451 2452 /** 2453 * @hide 2454 */ 2455 public EnforcingUser( 2456 @UserIdInt int userId, @UserRestrictionSource int userRestrictionSource) { 2457 this.userId = userId; 2458 this.userRestrictionSource = userRestrictionSource; 2459 } 2460 2461 private EnforcingUser(Parcel in) { 2462 userId = in.readInt(); 2463 userRestrictionSource = in.readInt(); 2464 } 2465 2466 public static final Creator<EnforcingUser> CREATOR = new Creator<EnforcingUser>() { 2467 @Override 2468 public EnforcingUser createFromParcel(Parcel in) { 2469 return new EnforcingUser(in); 2470 } 2471 2472 @Override 2473 public EnforcingUser[] newArray(int size) { 2474 return new EnforcingUser[size]; 2475 } 2476 }; 2477 2478 @Override 2479 public int describeContents() { 2480 return 0; 2481 } 2482 2483 @Override 2484 public void writeToParcel(Parcel dest, int flags) { 2485 dest.writeInt(userId); 2486 dest.writeInt(userRestrictionSource); 2487 } 2488 2489 /** 2490 * Returns an id of the enforcing user. 2491 * 2492 * <p> Will be UserHandle.USER_NULL when restriction is set by the system. 2493 */ 2494 public UserHandle getUserHandle() { 2495 return UserHandle.of(userId); 2496 } 2497 2498 /** 2499 * Returns the status of the enforcing user. 2500 * 2501 * <p> One of {@link #RESTRICTION_SOURCE_SYSTEM}, 2502 * {@link #RESTRICTION_SOURCE_DEVICE_OWNER} and 2503 * {@link #RESTRICTION_SOURCE_PROFILE_OWNER} 2504 */ 2505 public @UserRestrictionSource int getUserRestrictionSource() { 2506 return userRestrictionSource; 2507 } 2508 } 2509 } 2510
